exploitDog

GHSA-c4g5-mpg9-gp62

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.

Ссылки

EPSS

Процентиль: 86%

0.03045

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-326

Связанные уязвимости

CVE-2021-27200

CVSS3: 9.8

nvd

больше 4 лет назад

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.

EPSS

Процентиль: 86%

0.03045

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-326